| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | netfilter: ipset: Fix oversized kvmalloc() calls | Jozsef Kadlecsik | 2021-10-06 | 1 | -2/+2 |
| * | ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 | Andrea Claudi | 2021-10-06 | 1 | -0/+4 |
| * | netfilter: conntrack: collect all entries in one cycle | Florian Westphal | 2021-09-03 | 1 | -49/+22 |
| * | netfilter: nft_exthdr: fix endianness of tcp option cast | Sergey Marinkevich | 2021-08-26 | 1 | -5/+3 |
| * | netfilter: nft_nat: allow to specify layer 4 protocol NAT only | Pablo Neira Ayuso | 2021-08-04 | 1 | -1/+3 |
| * | netfilter: conntrack: adjust stop timestamp to real expiry value | Florian Westphal | 2021-08-04 | 1 | -1/+6 |
| * | netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo | Vasily Averin | 2021-07-25 | 1 | -0/+3 |
| * | netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols | Pablo Neira Ayuso | 2021-07-14 | 1 | -1/+8 |
| * | netfilter: nft_osf: check for TCP packet before further processing | Pablo Neira Ayuso | 2021-07-14 | 1 | -0/+5 |
| * | netfilter: nft_exthdr: check for IPv6 packet before further processing | Pablo Neira Ayuso | 2021-07-14 | 1 | -0/+3 |
| * | netfilter: synproxy: Fix out of bounds when parsing TCP options | Maxim Mikityanskiy | 2021-06-23 | 1 | -0/+5 |
| * | netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches | Pablo Neira Ayuso | 2021-06-10 | 1 | -2/+6 |
| * | netfilter: nft_ct: skip expectations for confirmed conntrack | Pablo Neira Ayuso | 2021-06-10 | 1 | -1/+1 |
| * | ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service | Julian Anastasov | 2021-06-10 | 1 | -1/+1 |
| * | netfilter: conntrack: unregister ipv4 sockopts on error unwind | Florian Westphal | 2021-06-10 | 1 | -1/+1 |
| * | netfilter: conntrack: Make global sysctls readonly in non-init netns | Jonathon Reinhart | 2021-05-19 | 1 | -1/+4 |
| * | netfilter: nftables: avoid overflows in nft_hash_buckets() | Eric Dumazet | 2021-05-19 | 1 | -1/+9 |
| * | netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check | Pablo Neira Ayuso | 2021-05-19 | 1 | -0/+2 |
| * | netfilter: xt_SECMARK: add new revision to fix structure layout | Pablo Neira Ayuso | 2021-05-19 | 1 | -19/+69 |
| * | netfilter: nft_limit: avoid possible divide error in nft_limit_init | Eric Dumazet | 2021-04-21 | 1 | -2/+2 |
| * | netfilter: conntrack: do not print icmpv6 as unknown via /proc | Pablo Neira Ayuso | 2021-04-21 | 1 | -0/+1 |
| * | netfilter: x_tables: fix compat match/target pad out-of-bound write | Florian Westphal | 2021-04-16 | 1 | -8/+2 |
| * | netfilter: conntrack: Fix gre tunneling over ipv6 | Ludovic Senecaux | 2021-04-10 | 1 | -3/+0 |
| * | netfilter: x_tables: Use correct memory barriers. | Mark Tomlinson | 2021-03-30 | 1 | -1/+1 |
| * | Revert "netfilter: x_tables: Switch synchronization to RCU" | Mark Tomlinson | 2021-03-30 | 1 | -15/+34 |
| * | netfilter: ctnetlink: fix dump of the expect mask attribute | Florian Westphal | 2021-03-30 | 1 | -0/+1 |
| * | netfilter: x_tables: gpf inside xt_find_revision() | Vasily Averin | 2021-03-17 | 1 | -2/+4 |
| * | netfilter: nf_nat: undo erroneous tcp edemux lookup | Florian Westphal | 2021-03-17 | 1 | -4/+21 |
| * | netfilter: conntrack: skip identical origin tuple in same zone only | Florian Westphal | 2021-02-17 | 1 | -1/+2 |
| * | netfilter: flowtable: fix tcp and udp header checksum update | Sven Auhagen | 2021-02-17 | 1 | -2/+2 |
| * | netfilter: nftables: fix possible UAF over chains from packet path in netns | Pablo Neira Ayuso | 2021-02-17 | 1 | -6/+19 |
| * | netfilter: xt_recent: Fix attempt to update deleted entry | Jozsef Kadlecsik | 2021-02-17 | 1 | -2/+10 |
| * | netfilter: nft_dynset: add timeout extension to template | Pablo Neira Ayuso | 2021-02-03 | 1 | -1/+3 |
| * | netfilter: nft_compat: remove flush counter optimization | Florian Westphal | 2021-01-19 | 1 | -23/+14 |
| * | netfilter: nf_nat: Fix memleak in nf_nat_init | Dinghao Liu | 2021-01-19 | 1 | -0/+1 |
| * | netfilter: conntrack: fix reading nf_conntrack_buckets | Jesper Dangaard Brouer | 2021-01-19 | 1 | -0/+3 |
| * | netfilter: ipset: fixes possible oops in mtype_resize | Vasily Averin | 2021-01-19 | 1 | -9/+13 |
| * | netfilter: nft_dynset: report EOPNOTSUPP on missing set feature | Pablo Neira Ayuso | 2021-01-12 | 1 | -3/+3 |
| * | netfilter: xt_RATEEST: reject non-null terminated string from userspace | Florian Westphal | 2021-01-12 | 1 | -0/+3 |
| * | netfilter: ipset: fix shift-out-of-bounds in htable_bits() | Vasily Averin | 2021-01-12 | 1 | -15/+5 |
| * | netfilter: nft_ct: Remove confirmation check for NFT_CT_ID | Brett Mastbergen | 2020-12-30 | 1 | -2/+0 |
| * | netfilter: nft_dynset: fix timeouts later than 23 days | Pablo Neira Ayuso | 2020-12-30 | 2 | -5/+7 |
| * | netfilter: nft_compat: make sure xtables destructors have run | Florian Westphal | 2020-12-30 | 2 | -6/+40 |
| * | netfilter: x_tables: Switch synchronization to RCU | Subash Abhinov Kasiviswanathan | 2020-12-30 | 1 | -34/+15 |
| * | netfilter: nftables_offload: set address type in control dissector | Pablo Neira Ayuso | 2020-12-11 | 2 | -0/+21 |
| * | netfilter: nf_tables: avoid false-postive lockdep splat | Florian Westphal | 2020-12-11 | 1 | -1/+2 |
| * | netfilter: ipset: prevent uninit-value in hash_ip6_add | Eric Dumazet | 2020-12-11 | 1 | -2/+1 |
| * | netfilter: ipset: Update byte and packet counters regardless of whether they ... | Stefano Brivio | 2020-11-18 | 1 | -1/+2 |
| * | netfilter: nf_tables: missing validation from the abort path | Pablo Neira Ayuso | 2020-11-18 | 2 | -9/+28 |
| * | netfilter: use actual socket sk rather than skb sk when routing harder | Jason A. Donenfeld | 2020-11-18 | 5 | -9/+9 |
